Bug 955850 - Fix regalloc safepoint issue. r=djvj, a=abillings
authorJan de Mooij <jdemooij@mozilla.com>
Thu, 09 Jan 2014 12:10:14 +0100
changeset 166935 46cd787239b7d0c4d2b1e91d7f189b2ea83a45df
parent 166934 30089f3e525eeedf9dbb85ff4a17c7f3ceb1bef7
child 166936 c4423bc77e5e70e51055f4c7a926d3159e92506d
child 166938 cdd4b0b788a379a75479b968b178a3e4e2ce714d
push id1
push usersledru@mozilla.com
push dateThu, 04 Dec 2014 17:57:20 +0000
reviewersdjvj, abillings
bugs955850
milestone27.0
Bug 955850 - Fix regalloc safepoint issue. r=djvj, a=abillings
js/src/jit/LinearScan.cpp
--- a/js/src/jit/LinearScan.cpp
+++ b/js/src/jit/LinearScan.cpp
@@ -579,19 +579,25 @@ LinearScanAllocator::populateSafepoints(
                 if (!typeInterval && !payloadInterval)
                     continue;
 
                 LAllocation *typeAlloc = typeInterval->getAllocation();
                 LAllocation *payloadAlloc = payloadInterval->getAllocation();
 
                 // If the payload is an argument, we'll scan that explicitly as
                 // part of the frame. It is therefore safe to not add any
-                // safepoint entry.
-                if (payloadAlloc->isArgument())
+                // safepoint entry, as long as the vreg does not have a stack
+                // slot as canonical spill slot.
+                if (payloadAlloc->isArgument() &&
+                    (!payload->canonicalSpill() || payload->canonicalSpill() == payloadAlloc))
+                {
+                    JS_ASSERT(typeAlloc->isArgument());
+                    JS_ASSERT(!type->canonicalSpill() || type->canonicalSpill() == typeAlloc);
                     continue;
+                }
 
                 if (isSpilledAt(typeInterval, inputOf(ins)) &&
                     isSpilledAt(payloadInterval, inputOf(ins)))
                 {
                     // These two components of the Value are spilled
                     // contiguously, so simply keep track of the base slot.
                     uint32_t payloadSlot = payload->canonicalSpillSlot();
                     uint32_t slot = BaseOfNunboxSlot(LDefinition::PAYLOAD, payloadSlot);